Phishing Email Guide

    How to Report a Phishing Email

    A clear five-step process for documenting phishing emails and getting the linked website taken offline: not just marked as spam.

    The 5-Step Email Reporting Workflow

    Step 1

    Do not click any links

    Phishing emails sometimes track opens and clicks. Open the message in plain-text or preview mode and never log in via the embedded button.

    Step 2

    Save the original email

    Export the message as .eml or .msg so the full headers, SPF/DKIM/DMARC results, and routing path are preserved. These prove where the mail really came from.

    Step 3

    Capture the landing page

    Screenshot the phishing page in an isolated browser. Record the final URL after redirects: this is the page Blackwall will push for takedown.

    Step 4

    Submit to the right channels

    Forward the .eml to reportphishing@apwg.org, file with Google Safe Browsing, and submit the URL to Blackwall so the hosting provider takes the page offline.

    Step 5

    Confirm the takedown

    Within hours the URL is added to browser block-lists; Blackwall keeps you updated until the host confirms the page is gone. Pro plans automate 24h follow-ups.

    Where to Report a Phishing Email

    Report in parallel: each authority handles a different layer of the response.

    Blackwall
    Infrastructure

    Submits the phishing URL to the hosting provider and registrar to disable the page. You receive status updates as the takedown progresses.

    File on Blackwall

    APWG

    Anti-Phishing Working Group. Forward the raw .eml to reportphishing@apwg.org. Feeds browser block-lists worldwide.

    apwg.org/reportphishing

    Google Safe Browsing

    Adds the linked URL to the Safe Browsing list so Chrome, Gmail, and Android show interstitial warnings to other users.

    safebrowsing.google.com

    Mailbox Provider

    Microsoft (junk@office365.microsoft.com), Gmail (in-message Report Phishing), iCloud (reportphishing@apple.com). Improves spam classification for everyone on the platform.

    Frequently Asked Questions

    Ready to report the phishing email?

    Submit the URL embedded in the email in under two minutes. The Blackwall team handles the takedown correspondence on your behalf.

    Cookie Notice

    We use cookies to ensure the functionality of our website. Necessary cookies are required for operation. Optional cookies help us improve our services. For more information, see our Privacy Policy.